CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
701 CVE-2019-13758 Bypass 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
702 CVE-2019-13757 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
703 CVE-2019-13756 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
704 CVE-2019-13755 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
705 CVE-2019-13754 Bypass 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
706 CVE-2019-13753 125 +Info 2019-12-10 2020-08-06
4.3
None Remote Medium Not required Partial None None
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
707 CVE-2019-13752 125 +Info 2019-12-10 2020-08-06
4.3
None Remote Medium Not required Partial None None
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
708 CVE-2019-13751 908 +Info 2019-12-10 2020-08-24
4.3
None Remote Medium Not required Partial None None
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
709 CVE-2019-13750 20 Bypass 2019-12-10 2020-08-06
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
710 CVE-2019-13749 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
711 CVE-2019-13748 862 +Info 2019-12-10 2020-08-24
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
712 CVE-2019-13747 787 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
713 CVE-2019-13746 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
714 CVE-2019-13745 200 +Info 2019-12-10 2021-07-21
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
715 CVE-2019-13744 200 +Info 2019-12-10 2019-12-16
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
716 CVE-2019-13743 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.
717 CVE-2019-13742 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
718 CVE-2019-13741 79 XSS Bypass 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.
719 CVE-2019-13740 346 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
720 CVE-2019-13739 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
721 CVE-2019-13738 269 Bypass 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
722 CVE-2019-13737 200 +Info 2019-12-10 2019-12-16
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
723 CVE-2019-13736 787 Overflow 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
724 CVE-2019-13735 787 Exec Code 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
725 CVE-2019-13734 787 2019-12-10 2020-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
726 CVE-2019-13732 787 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
727 CVE-2019-13730 787 2019-12-10 2022-01-01
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
728 CVE-2019-13729 787 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
729 CVE-2019-13728 787 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
730 CVE-2019-13727 281 Bypass 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
731 CVE-2019-13726 119 Exec Code Overflow 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
732 CVE-2019-13725 416 Exec Code 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
733 CVE-2019-13672 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS.
734 CVE-2019-13533 294 2019-12-16 2020-01-02
6.8
None Remote Medium Not required Partial Partial Partial
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
735 CVE-2019-13465 DoS 2019-12-30 2020-08-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). NOTE: The reporter of this issue now believes it was a false alarm.
736 CVE-2019-13456 203 +Info 2019-12-03 2022-01-01
2.9
None Local Network Medium Not required Partial None None
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
737 CVE-2019-13445 190 Overflow 2019-12-30 2020-01-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.
738 CVE-2019-13347 2019-12-13 2020-08-24
6.0
None Remote Medium ??? Partial Partial Partial
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.
739 CVE-2019-13182 79 XSS 2019-12-16 2019-12-18
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
740 CVE-2019-13181 1236 2019-12-16 2020-08-24
4.0
None Remote Low ??? None Partial None
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
741 CVE-2019-12837 200 +Info 2019-12-31 2021-07-21
4.0
None Remote Low ??? Partial None None
The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints.
742 CVE-2019-12734 862 2019-12-06 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
SiteVision 4 has Incorrect Access Control.
743 CVE-2019-12733 Exec Code 2019-12-06 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
SiteVision 4 allows Remote Code Execution.
744 CVE-2019-12568 787 DoS Exec Code Overflow 2019-12-23 2020-01-03
7.5
None Remote Low Not required Partial Partial Partial
Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.
745 CVE-2019-12567 787 DoS Exec Code Overflow 2019-12-23 2020-01-03
7.5
None Remote Low Not required Partial Partial Partial
Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.
746 CVE-2019-12518 120 Overflow 2019-12-02 2020-02-13
10.0
None Remote Low Not required Complete Complete Complete
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
747 CVE-2019-12503 306 2019-12-02 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
748 CVE-2019-12420 400 2019-12-12 2020-01-13
5.0
None Remote Low Not required None None Partial
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
749 CVE-2019-12418 522 2019-12-23 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
750 CVE-2019-12414 200 +Info 2019-12-16 2019-12-19
5.0
None Remote Low Not required Partial None None
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab.
Total number of vulnerabilities: 1577. Page 15 of 32.